In most areas, passive monitoring takes place. Thus, we do not actively scan for vulnerabilities or open ports. We use Kaduu to show what a hacker can learn about an organization. This includes leaked data, shadow IT, any sensitive information on hacker forums or the deep web, etc. Thus, most searches are past-oriented and show the consequence of security incidents. However, there are also functions that serve to prevent security incidents. For example, domain monitoring helps to detect phishing and malware attacks in preparation.
What is the threat?
When cyber criminals conduct attacks like phishing or business email compromise (BEC) against employees, they usually spoof (replicate with variation) the domain of the target organization. The idea is to build trust and lure the employees into providing credentials or downloading malware. As the original domain is already taken, the hacker reserves domains with slight variations of the original domain name. As an example, the original domain “industryservices.com” could be turned into “indusrtyservices.com” (letter swap), “industryserv1ces.com” (letter replacement), “industry–services.com” (additional characters), “industry.services” (different TLD), etc.
How can Kaduu assist in mitigating this threat?
We monitor all new domain registrations (ccTLDs, gTLDs, uTLD, sTLD). In doing so, we also record the typical typosquatting techniques mentioned above. A newly registered domain that has some similarities to the client’s domain will create an alert in Kaduu. Additionally, we monitor all SSL certificate logs, since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates, even in the subdomain part of the domain.
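The matching idea described above, as an added Python example (not Kaduu's code): it checks a feed of newly registered domains against a monitored domain and names which of the four variation techniques listed earlier applies. The feed is constructed sample data, and splitting the name from the TLD at the last dot is a simplifying assumption.

```python
# Added example: classify newly registered domains against a monitored domain.
# Covers the four variation types named in the text: letter swap, letter
# replacement, additional characters, different TLD.

MONITORED = "industryservices.com"

# Constructed sample of a daily registration feed (not real registration data).
SAMPLE_FEED = [
    "indusrtyservices.com",    # two adjacent letters swapped
    "industryserv1ces.com",    # one letter replaced
    "industry-services.com",   # extra character inserted
    "industry.services",       # name split across a different TLD
    "industryservices.net",    # same name, different TLD
    "industrialservices.com",  # unrelated word, should not alert
    "example.org",             # unrelated
]


def is_subsequence(short, long):
    """True if all characters of `short` appear in `long` in the same order."""
    it = iter(long)
    return all(ch in it for ch in short)


def classify(candidate, monitored=MONITORED):
    """Return the variation technique, or None if the candidate is not similar."""
    mon = monitored.lower().rstrip(".")
    cand = candidate.lower().rstrip(".")
    if cand == mon or "." not in cand:
        return None
    # Assumption: the TLD is everything after the last dot.
    m_name, _m_tld = mon.rsplit(".", 1)
    c_name, _c_tld = cand.rsplit(".", 1)

    # Same name under another TLD, or the name spelled out across the dot.
    if c_name == m_name or cand.replace(".", "") == m_name:
        return "different TLD"

    if len(c_name) == len(m_name):
        diff = [i for i, (a, b) in enumerate(zip(c_name, m_name)) if a != b]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and c_name[diff[0]] == m_name[diff[1]]
                and c_name[diff[1]] == m_name[diff[0]]):
            return "letter swap"
        if len(diff) == 1:
            return "letter replacement"

    # One or two inserted characters, original letters kept in order.
    extra = len(c_name) - len(m_name)
    if 0 < extra <= 2 and is_subsequence(m_name, c_name):
        return "additional characters"
    return None


def scan_feed(feed, monitored=MONITORED):
    """Return (domain, technique) for every feed entry that should alert."""
    alerts = []
    for domain in feed:
        technique = classify(domain, monitored)
        if technique is not None:
            alerts.append((domain, technique))
    return alerts


if __name__ == "__main__":
    for domain, technique in scan_feed(SAMPLE_FEED):
        print(f"ALERT {domain}: {technique}")
```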
You can now search Kaduu's database for similar domain names via the dashboard or API and set up alerts. With the various built-in tools (screenshot creation, port scan, geolocation, etc.) you can investigate the findings in Kaduu.
How up to date is the data?
The database is updated daily using domain registration feeds. Not all domain types are processed in real time in the feeds, as there is no obligation for the domain providers to report TLD registrations to a central authority. Country-code top-level domains (ccTLDs) in particular are only recorded with a time delay (sometimes up to 2 weeks), so it can happen that domains are not included in the alerting in real time. Please click here for more information on the search syntax.
What techniques do we use to discover domains?
We use two techniques:
What is the threat?
Cyber criminals run daily attacks against organizations and their employees. In case of success, they try to commercialize the captured data. Often, they sell it to other hackers as leverage and/or in preparation for further attacks. If, for example, login credentials are stolen, they can be used to spread malware or gain access to further internal systems. The stolen data becomes a valuable product, and the hacker becomes a businessperson that trades that product – mainly in the Dark Web. As a result, millions of breached accounts, credit card and other data pop up almost daily in the Dark and Deep Web.
Login credentials and other breached data can be used to prepare targeted attacks against an organization. Even if the login data of an employee originates from a third party website, the threat is real and common because of password re-use, that is, employees often use the same or similar password to log into the organization’s applications. Often, breached data also contains a lot of valuable information about the target organization or its employees. This could help an attacker prepare spoofing or impersonation attacks.
How can Kaduu assist in mitigating this threat?
Monitoring whether your organization’s name appears in Dark Web forums, Onion-, I2P and paste sites can help you detect potential insider threats, enabling you to prevent data leaks and other incidents that may cause damage to your organization. Dark Web monitoring involves actively searching and tracking the Dark Web for information about your organization, including leaked or stolen data, compromised passwords, breached credentials, intellectual property, and other sensitive data.
How up to date is the data?
The database is updated daily by our analysts. We use different discovery methods (manual and automated).
What do we consider as a leak in Kaduu?
A data leak is when sensitive data within an organization is leaked to an external, unauthorized target, either accidentally or through a cyber attack or vulnerability. The data leak can be of physical or electronic information. Unlike accounts, which always involve usernames and/or passwords, a data leak can be, for example, an SQL database, a user's password, or even internal, confidential emails.
More information
Please click here for more information on the search syntax.
What is the threat?
A phishing attack against your employees is usually preceded by a short phase of reconnaissance of the targets. In targeted spear phishing attacks, fraudsters often take data from employees’ social media profiles.
Higher-ranking CEOs & C-suite executives are usually more exposed to the public (their profile can often be found on the organization’s website), making them easier targets. For all other departments and employee types, it is difficult to assess the steps an attacker has to take to gather the information they need to reach their target. Only if you venture to perform the same information gathering as the hacker, can you assess the risk of your employees getting exposed to phishing attacks.
How can Kaduu assist in mitigating this threat?
In Kaduu, we measure each employee’s exposure on social media and note where indications of activities related to the specific person can be found. In our monitoring function, you can enter the names of important employees and then receive notifications as soon as something is published about these people on social media. You can also monitor popular social media channels for posts about your company. For example, defamatory posts can be found using the voice analysis function in Kaduu: we offer a search function to find negative language use. By monitoring popular forums such as Reddit, you can also detect when the community is discussing possible security incidents or vulnerabilities related to your organization.
What do we monitor?
We currently monitor Twitter, Reddit and YouTube. In the upcoming version of Kaduu (available Q1 2023), it will also be possible to monitor specific social media profiles of key employees, so that you will be notified immediately if fake profiles with similar names or content appear.
More information
Please click here for more information on the search syntax.
Introduction
Hacker forums provide clues to possible attack techniques, attack preparations against clients or leaked data. Kaduu enables you to explore and monitor hacker forums, allowing our clients to gain a better understanding of the tools and techniques used by hackers and the areas that are most likely to come under attack.
How do we search forums?
In this deep-web search, we log in to more than 50 known hacker forums with various accounts and submit the keyword that is entered in the search mask of Kaduu. For example, you can enter your company name or a brand to see if people are talking about it in the forums. If there are results for the search term, we provide them as a download link. The corresponding pages are saved as a screenshot and also as a web page. We focus on the most popular forums in English, German, French and Russian.
How do we present the data?
If we find any result related to your search keyword, you can download the screenshot and HTML file in an archive.
Are there any limitations?
A search can take up to 30 minutes. Please be patient. We also only allow a maximum of 5 searches per client per day because otherwise our authenticated accounts will get flagged.
More information
Please click here for more information on the topic.
Introduction
Hackers share data leaks on Telegram in different ways. In some channels, hackers post data dumps with short explanations about what people can find in them. In these channels, minimal conversations occur. However, there are also dedicated hacking groups where many members actively discuss various aspects of Internet crime. There are many more ways Telegram is used by hackers:
How many channels exist and how can we keep track?
Telegram has over 500 million active users, and many of these users are likely to have created or joined channels. Telegram allows anyone to create a channel and there's no limitation or verification process to it, so the number of channels on the platform is quite high. Additionally, many of these channels are likely to be inactive or used for legitimate purposes, so it's difficult to estimate the number of channels that are specifically used for hacking or other illegal activities. We try to keep track of channels, but we will only cover a very small fraction of all channels.
How do we search forums?
Kaduu allows you to search the discussion history by comparing your keyword query with real accounts and presenting you the results in a downloadable format. We query around 200+ Telegram channels.
Are there any limitations?
To be able to monitor Telegram, we use a variety of Telegram accounts. Because Telegram has security filters that block users who generate too many requests, we have to limit the number of requests to a maximum of 5 per customer per day. Please be aware that we query more than 200 channels at the same time.
More information
Please click here for more information on the topic.
Introduction
AWS S3 is an object storage service in the Amazon cloud. S3 allows both users and applications to save and retrieve practically any type of data that can be stored in its digital form. S3 data is saved in buckets. These are containers of software in which data can be stored and retrieved on an as-needed basis. Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to properly secure these buckets. Recent studies (https://laminarsecurity.com/blog/new-research-finds-21-of-publicly-facing-cloud-storage-buckets-contain-sensitive-pii-data/) have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed (https://github.com/nagwww/s3-leaks). In Kaduu, you can monitor S3 buckets, but also Azure cloud storage containers for sensitive data related to your keyword.
The main S3 security risks
Some of the most important S3 risks include:
How to search and monitor cloud storage?
You can enter any keyword like "bank" or "bank switzerland" and Kaduu will monitor for the exact match in public cloud storage on a daily basis. Your monitored keywords are displayed on the dashboard and results can be viewed by clicking the "view" button. We suggest using the company name rather than the domain (example instead of example.com). But if the company name is too generic, you might end up with more than 5000 results. This is the limit we display per keyword.
What data should you look for?
Basically any sensitive data. Usually the company itself knows best what is considered sensitive according to its data classification. In general, sensitive data is any data that should not be accessible to unauthorized persons. Sensitive data may include personally identifiable information (PII), such as social security numbers, financial information, or login credentials. A sensitive data compromise occurs when an organization unknowingly discloses sensitive data or when a security incident results in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to sensitive data. Such data compromise may result from inadequate protection of a database, misconfigurations when setting up new instances of data storage, inappropriate use of data systems, etc.
More information
Please click here for more information on the topic.
Introduction
GitHub is a web-based platform that is primarily used for version control and collaboration in software development. It is built on top of the Git version control system and offers a wide range of features to support software development teams.
Using GitHub for an organization can introduce a number of security risks, including:
How can you investigate the results?
Kaduu allows you to capture search terms and check their publication on publicly available GitHub repositories. If there is a match, we publish the result with the corresponding link. Kaduu connects to GitHub once per day for each keyword. After you have entered the keyword, you should see some results under the "view" button. Please be patient, the search can take up to 2 hours.
More information
Please click here for more information on the topic.
Introduction
Google hacking, also known as Google dorking, is the practice of using advanced operators in the Google search engine to find security vulnerabilities in websites. These operators can be used to search for specific file types, sensitive information, and other vulnerability-related information. It is often used by security researchers and hackers to find vulnerabilities in websites and networks. There are Google dork lists like https://www.exploit-db.com/google-hacking-database which can be used in combination with your domain. If any result appears in Kaduu, it means that there is a possible security vulnerability or data exposure in one of the web services of your organisation.
What vulnerabilities can be exposed using google hacking?
Google hacking can be used to expose a variety of vulnerabilities in websites, including:
How to use Google Dork Monitoring?
Please enter your domain like "example.com" and not "www.example.com", so that the results are not limited to a specific server. The domain you enter will be queried once per day using a Google API call. If there are any results, you can see them by clicking on "view". You will see all the alerts that have been triggered using your keyword. The query type will reveal what keyword has triggered the alert.
More information
Please click here for more information on the topic.
Many certificate services automatically issue domain-validated (DV) certificates to websites after checking the URL's phishing status against the Google Safe Browsing API. Once issued, the issuer does not monitor the certificates or take any action afterward. Even if Google later flags the domain as malicious, the issuer will not revoke certificates. As a result, many phishing websites are secured with SSL certificates, spoofing the legitimate client's name. By monitoring the certificate logs, you can detect if your organization's name gets spoofed on SSL certificates. This is possible because the issuer submits all of the certificates to a certificate transparency log, a mechanism designed to increase public transparency into the activities of CAs. The logs can be accessed by Kaduu.
What is a certificate transparency log?
Certificate Transparency (CT) logs are public, append-only logs that are used to record the issuance of SSL/TLS certificates. These logs are designed to improve the transparency and accountability of the certificate issuance process by making it possible for anyone to view the information that is recorded in the logs.
What is the benefit of this monitoring?
You can prevent social engineering and phishing attacks by detecting malicious websites as they are being created. Many hackers secure their phishing websites with SSL, for example, in order to make the user believe that the site is trustworthy and secure. As soon as we recognize the name of the organization to be monitored in the certificate, an alarm is triggered. A hacker could create a fake e-banking site, for example. Let's assume the original domain of the attacked bank is https://ebanking365.com. The hacker could now create a website with the login https://ebanking365.webhosting.ru. As long as you monitor "ebanking365" as a search term, you will be notified when this certificate is created. Additionally, you could detect shadow IT using your domain name.
How does certificate monitoring differ from domain monitoring?
Taking the above example: if the organization to be monitored has https://ebanking365.com as its website, domain monitoring can find all misspellings or domains that have ebanking365 in the main domain. But if a hacker uses a subdomain and, for example, replaces the "www" with ebanking365 (https://ebanking365.webhosting.ru), domain monitoring cannot detect this. Certificate monitoring can, provided the hacker secures the website with SSL.
What CAs do we monitor?
We monitor most common CAs. Here are some examples:
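The difference between the two monitoring types, as an added Python example (not Kaduu's code): it checks the DNS names from certificate log entries for the monitored keyword and reports where the keyword sits. The log entries, issuer names and host inventory are constructed, and taking the last two labels as the registered domain is a simplification (a production check would use the Public Suffix List).

```python
# Added example: keyword matching over certificate transparency entries.
# It separates hits that domain monitoring would also see (keyword in the
# registered domain) from hits only certificate monitoring can see (keyword
# in a subdomain label), and flags unknown hosts under your own domain.

KEYWORD = "ebanking365"
OWN_DOMAIN = "ebanking365.com"
# Hypothetical inventory of hosts the organization knows about.
KNOWN_HOSTS = {"ebanking365.com", "www.ebanking365.com"}

# Constructed sample entries; real CT entries carry the full certificate.
CT_ENTRIES = [
    {"issuer": "Example CA 1", "dns_names": ["ebanking365.webhosting.ru"]},
    {"issuer": "Example CA 1", "dns_names": ["www.ebanking365.com", "ebanking365.com"]},
    {"issuer": "Example CA 2", "dns_names": ["*.ebanking365-secure.net"]},
    {"issuer": "Example CA 2", "dns_names": ["staging.ebanking365.com"]},
    {"issuer": "Example CA 3", "dns_names": ["shop.example.org"]},
]


def registered_domain(host):
    """Assumption: the registered domain is the last two labels of the host."""
    return ".".join(host.split(".")[-2:])


def classify_name(name, keyword=KEYWORD, own=OWN_DOMAIN, known=KNOWN_HOSTS):
    """Return None, 'known', 'shadow-it', 'registered-domain' or 'subdomain-only'."""
    host = name.lower().rstrip(".")
    if host.startswith("*."):          # wildcard certificates cover the parent name
        host = host[2:]
    if keyword not in host:
        return None
    reg = registered_domain(host)
    if reg == own:
        # A certificate for our own domain: fine if inventoried, otherwise a
        # host nobody registered with IT (possible shadow IT).
        return "known" if host in known else "shadow-it"
    if keyword in reg:
        return "registered-domain"     # domain monitoring would also catch this
    return "subdomain-only"            # visible through certificate logs only


def monitor(entries):
    """Return (dns_name, issuer, verdict) for every name that needs review."""
    alerts = []
    for entry in entries:
        for name in entry["dns_names"]:
            verdict = classify_name(name)
            if verdict in (None, "known"):
                continue
            alerts.append((name, entry["issuer"], verdict))
    return alerts


if __name__ == "__main__":
    for name, issuer, verdict in monitor(CT_ENTRIES):
        print(f"{verdict:18} {name} (issued by {issuer})")
```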
More information
Please click here for more information on the search syntax.
Pastebin allows users to share text in the form of public posts called "pastes." Since the launch of Pastebin, many similar web applications called "paste sites" have developed. Pastebin sites are usually used for sharing code. However, any data in text form can also be uploaded and shared. The Pastebin search tool allows users to find relevant content based on keywords. Pastebin also relies on users to report abuse, which means non-compliant pastes are rarely removed. This allows hackers to easily and anonymously post data in an accessible location. Pastebin and similar websites are hosted on the Deep Web. This means that they can be viewed in a normal Internet browser, but the content is not indexed by Google and other traditional search engines. Users have to use the internal keyword search function to find specific content, or get paste links directly from other users. There are also paste sites on the dark web that offer increased anonymity via a Tor browser and are focused exclusively on illegal activities. For example, DeepPaste on the Dark Web is mainly used for advertising illegal goods or services. So, hackers use paste sites to prepare attacks or even to anonymously publish data from successful attacks. Therefore, it is important to monitor them.
Git is a free and open source distributed version control system designed to handle everything from small to large projects and share code among developers. Publishing sensitive information to version control systems like GitHub is a common risk for organizations. There have been documented cases of developers accidentally publishing secrets such as API keys only to have them scraped and used by attackers moments later. That's why it's important to monitor GitHub repositories.
How are hackers using paste sites?
It's important to note that many paste sites have implemented anti-abuse measures and policies and will remove illegal content when notified.
How does this work?
You can monitor GitHub and paste sites in 2 different ways:
About 1)
The technique we use in deepweb.leak.center is slightly different from the one in control.leak.center and will catch different results. On this platform we offer the ability to use custom Google queries to find your keyword in combination with paste sites, as well as a direct API connection to Pastebin. Under "sources" on the result page you can see which technique was used to grab the corresponding result.
About 2)
You can enter your search term under the navigation item "pastebin". You could for example search for pwd AND jpmorgan and you will see all data that contains BOTH search terms in the same result.
In general, we recommend that you start by monitoring your company name and domain. If your company is called bank365 and your domain is bank365.com, then you could create separate queries for both words. Of course, you can monitor anything that seems to be a valuable asset (a patent name, a brand or a person).
More information
Please click here for more information on the search syntax.
How are credit cards leaked to the darknet?
Credit card information can be leaked to the darknet in a variety of ways, some of the common methods include:
Once the credit card information is obtained, it can be sold on darknet marketplaces, as well as on other forums, chat groups, and hidden services. Darknet marketplaces are a platform where illegal goods and services are traded, and credit card information is one of the most common types of items sold on these marketplaces.
How do we obtain credit card info?
We try to collect mainly freely available credit card log dumps. Those dumps might not have the very latest card data, which is usually sold for a high price, but they can still help owners identify if their card was affected by a leak in the past. Occasionally we also buy dumps and make them available in Kaduu's Elasticsearch database.
How much does it cost if you had to buy stolen credit card data on the darknet?
The cost of buying stolen credit card information on the darknet varies depending on a number of factors, including the type of card, the card's issuing country, and the amount of information that is included with the card.
Typically, a single credit card number, known as a "dump," can be sold for a few dollars. A "dump" is the information on the magnetic strip of a credit card, which can be used to make fraudulent purchases in-store.
On the other hand, a full package of information for a credit card, known as "fullz," which includes the cardholder's name, address, date of birth, social security number and other personal information, can be sold for $10-$50. These fullz are used to make fraudulent purchases online, open bank accounts, apply for loans, and for other financial frauds.
It is important to note that these prices are just an estimate and the cost may vary depending on the source and the quantity of data available. It's also worth noting that the prices are subject to change over time, and the prices may be different based on the location and the vendor.
How can you find credit cards in Kaduu?
The credit card data published comes from leaks that have already been published on the darknet. New cards are added continuously. The database is updated weekly, or daily for major leaks. You find the Credit Card Search in the expert mode only. On this page you can search in a database of indexed credit card leaks. Credit cards are displayed in masked form when you search the database. You may search using the first 6 and last 4 digits and replace all middle digits with "X", so that you do not expose your credit card number to the system. Otherwise, the number gets hashed with the SHA-256 algorithm before being sent to our server.
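The two search forms described above, as an added Python example (not Kaduu's code): it builds the masked query and the SHA-256 query for a card number and runs both against a small constructed index. That the hash is taken over the bare digit string is an assumption, the record layout is hypothetical, and the card numbers are test values, not real cards.

```python
# Added example: masked search (first 6 + last 4) versus SHA-256 search.
# A masked query can match several leaked cards; a hash query matches one.
import hashlib


def normalize(pan):
    """Strip spaces and hyphens and make sure only digits remain."""
    digits = pan.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit() and 12 <= len(digits) <= 19):
        raise ValueError("not a plausible card number")
    return digits


def luhn_ok(digits):
    """Luhn checksum, used to catch typing errors before a query is built."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def masked_query(pan):
    """First 6 and last 4 digits, every middle digit replaced with 'X'."""
    d = normalize(pan)
    return d[:6] + "X" * (len(d) - 10) + d[-4:]


def hashed_query(pan):
    """SHA-256 over the digit string (assumed input format)."""
    return hashlib.sha256(normalize(pan).encode("ascii")).hexdigest()


def build_record(pan, source):
    """Hypothetical index record: the full number itself is not stored."""
    return {"masked": masked_query(pan), "sha256": hashed_query(pan), "source": source}


# Constructed index; the numbers are made-up test values.
LEAK_INDEX = [
    build_record("4111111111111111", "constructed-dump-A"),
    build_record("4111110000001111", "constructed-dump-B"),  # same first 6 / last 4
    build_record("5500000000000004", "constructed-dump-C"),
]


def search_masked(pan, index=LEAK_INDEX):
    """Sources of all records sharing the first 6 and last 4 digits."""
    query = masked_query(pan)
    return [r["source"] for r in index if r["masked"] == query]


def search_hash(pan, index=LEAK_INDEX):
    """Sources of records for exactly this card; rejects mistyped numbers."""
    if not luhn_ok(normalize(pan)):
        raise ValueError("checksum failed, number is probably mistyped")
    query = hashed_query(pan)
    return [r["source"] for r in index if r["sha256"] == query]


if __name__ == "__main__":
    card = "4111 1111 1111 1111"
    print(masked_query(card), search_masked(card))
    print(hashed_query(card)[:16] + "...", search_hash(card))
```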
More information
Please click here for more information on the search syntax.
Introduction
Ransomware hackers have escalated their extortion strategies by stealing files from victims before encrypting their data. These stolen files are then used as further leverage to force victims to pay. Many ransomware hackers have created data leak sites to publicly shame their victims and publish the files they stole. Those are called "hall of shame" websites. Ransomware hall of shame websites are websites that publicly list the organizations and companies that have been victims of ransomware attacks. These websites typically include the names of the organizations, the date of the attack, and the amount of ransom demanded by the attackers. Some sites may also include information about the type of ransomware used in the attack, and whether or not the victim paid the ransom.
The main goal of these websites is to raise awareness about the growing threat of ransomware and to encourage organizations to take steps to protect themselves from these types of attacks. These sites also serve as a warning to other organizations and individuals about the dangers of not having proper cyber security measures in place.
It's important to note that the inclusion of a company or an organization in a Ransomware Hall of Shame website doesn't mean that the victim didn't have any cyber security measures in place, but it could be that the attackers found a way to bypass them. Also, some organizations may choose not to publicize the attack, in which case the attack may not be listed on these websites.
Why is it useful to monitor this?
One would expect that the company affected by a ransomware attack would be the first to know about it. However, there are scenarios in which this should be monitored:
More information
Please click here for more information on the search syntax.
What is a bot or a botnet?
Malware bots and Internet bots are a type of malware that can be programmed to hack into user accounts, search the Internet for contact information, send spam, or carry out other malicious activities. To disguise the origin of such attacks, attackers can also distribute malicious bots through a botnet, that is, a bot network. A botnet consists of a number of devices connected to the Internet and running one or more bots without the knowledge of the respective device owner. Because each device has its own IP address, botnet traffic originates from a variety of IP addresses, making it harder to spot and block its point of origin. Botnets also self-propagate to more devices, which can then send out spam and in turn infect more machines.
If an IP, host name or username pops up in the Kaduu logs, it means it has been infected with a malicious bot.
Where can you obtain botnet logs in the darknet?
Botnet logs can be obtained in various darknet marketplaces, forums, and websites. These marketplaces and forums are typically used by cybercriminals to buy and sell stolen data, malware, and other illegal goods and services. Some examples include:
It's important to note that access to these sites and marketplaces can be challenging and they are often hidden and may require specific software or knowledge to access them. Additionally, these sites and marketplaces are often taken down by law enforcement, or go offline for other reasons, so the availability of botnet logs on the darknet may vary over time.
It's also important to note that accessing these sites and attempting to purchase botnet logs is illegal in most countries, and could lead to serious consequences such as civil or criminal charges. Additionally, these sites may host malware, so accessing them could also put your device at risk.
What type of devices are more likely to be infected with bots?
Malicious bots, also known as malware bots or botnets, can infect a wide range of devices, including personal computers, servers, and mobile devices. However, certain types of devices and users are more likely to be targeted than others. Public servers are much less likely to be infected with bots than private computers. Here are the most exposed device types:
How are bot logs accessible in Kaduu?
There are two search pages:
Bot Record Details
If you want to see the details of the bot records, please click on the IP address. You will then see the path of the file that led to the malware infection. More details about the user, the internet history and web calls will also be visible.
More information
Please click here for more information on the search syntax.
What can you discover on .onion websites in the darknet?
Onion websites are websites that are hosted on the Tor network, a network that is designed to provide anonymity and privacy for its users. These websites are not accessible through regular web browsers and can only be accessed using the Tor Browser or another tool that is capable of connecting to the Tor network.
On .onion websites, you can find a wide range of illegal and illicit goods and services, including:
How reliable is a darknet search on onion websites and how much data can you actually find?
Searching the darknet, specifically the Tor network, can be challenging and the reliability of the information found on .onion websites can vary greatly. Because the darknet is not indexed by traditional search engines, finding specific information or sites can be difficult without knowing the exact web address or a specific link to follow.
Additionally, many .onion websites are scams, or set up by law enforcement to catch criminals, so it's important to be cautious when interacting with these sites. Even if you find a site that appears to be legitimate, the information or goods being offered may not be what they seem.
As for the amount of data you can find, it depends on what you are looking for. Some .onion websites may have a lot of information available, while others may be more limited. Additionally, as with any underground marketplaces, the availability of certain goods or services can change over time and may not always be available.
How to use Live Search in Kaduu?
On the Kaduu dashboard live search page you can search multiple (10+) darknet and clearnet search engines in live mode. Words you enter in the query field will be directly forwarded to multiple external search engines, so we suggest using only simple phrases - a company, person or domain name. Set "Validate Results" option in order to verify each found result and check whether it contains the exact search phrase. This option may be useful only when searching 1-word queries, otherwise search results may be inaccurate.
It may take up to a few minutes to get all results, as we will be requesting multiple external resources over proxy servers, TOR and I2P networks, which may be very slow.
Where do we search?
We use a number of proxies and darknet search engines to search for the term. The respective search engine is displayed after entering the search term.
What does it mean if my company or keyword shows up in the search?
The fact that your organization is mentioned on a darknet site does not necessarily mean that you are at risk. Some legitimate news and websites are mirrored on the darknet. However, the mention of your organization may indicate the preparation of an attack or even a successful attack. We therefore ask you to investigate the above-mentioned results and, if necessary, take the necessary steps.
More information
Please click here for more information on the search syntax.
Introduction
A phishing attack against your employees is usually preceded by a short phase of reconnaissance of the targets. In targeted spear phishing attacks, fraudsters often take data from employees’ social media profiles. There are also email lists offered in hacker forums, and lastly, there are a number of hacking tools that search the Internet and Dark Web for information on the targets.
Higher-ranking CEOs & C-suite executives are usually more exposed to the public (their profile can often be found on the organization’s website), making them easier targets. For all other departments and employee types, it is difficult to assess the steps an attacker has to take to gather the information they need to reach their target. Only if you venture to perform the same information gathering as the hacker, can you assess the risk of your employees getting exposed to phishing attacks. The greater an employee’s exposure on the Internet or Dark Web, the higher the likelihood of them becoming a victim of a social engineering attack, like phishing. Employees who register with their names and business email accounts on private websites put the whole organization at risk as this gives the hacker a bigger attack surface.
What is monitored?
In Kaduu, we measure each employee’s exposure on the Internet and note where indications of activities related to the specific email account can be found. We try to find the employee’s email address on the Internet, Deep Web or Dark Net and list the corresponding email references from the websites where we found the account. We then try to investigate how often the email is referenced in different unique sources. The more sources, the bigger the exposure.
What is the benefit?
Everything that helps you reduce your attack surface can also limit future breaches. If you find any employee’s business email account on private websites, you will be able to create targeted user awareness training that helps them understand the consequences of such an exposure.
How does it work?
We have two types of searches:
In both cases you need to enter the company domain with the syntax "domain.com". Please use the TLD used for your email accounts.
Discord is a popular communication platform designed for online communities and gamers. It offers a variety of features including text, voice and video chat, file sharing, and gaming integrations. Discord is available as a browser-based web app, a desktop app for Windows, macOS and Linux, and as mobile apps for iOS and Android. The platform allows users to create and join virtual servers (also called "Discord servers") to connect with others based on common interests.
How is Discord used by hackers?
Discord can be used by hackers in various ways, including:
How many channels exist?
It's not possible to determine the exact number of Discord channels that exist, as the platform allows for an unlimited number of servers and channels to be created. The number of Discord channels continues to grow as new servers are created and existing servers add new channels. Discord has over 150 million monthly active users, so there are likely a large number of channels across all the servers on the platform.
What channels do we monitor?
In Kaduu we use a passive vulnerability detection approach. Passive Vulnerability Detection and Active Vulnerability Detection are two methods used to identify security vulnerabilities in a network or system.
How to use this feature?
For the infrastructure search we need the domain (example.com and not www.example.com) as input. You can't search for IPs or other elements, because we start from the domain and first find out via databases which subdomains belong to the main domain. We get data from Dnsdumpster and Shodan, but also from certificate transparency logs. We thus recreate the infrastructure as a hacker will see it, without performing active scans. For all elements found, we then search the deep web again to see if any information about open ports or vulnerabilities can be found. Again, no scans take place.
How do we present the data?
For every host we find we do a reverse DNS lookup and query databases like Shodan in order to find information about open ports, used applications or vulnerabilities (CVE).